This Privacy Policy and Personal Data Protection, from now on referred to as “Privacy Policy”, is applicable, in generic terms, to the collection and processing of personal data provided by the Participants at the time of registration, henceforth just “Data Owner” of the services provided by the Organisation and its partners and associates, henceforth and in short referred to as “Organiser”, namely those collected through forms, websites, simulators, proposals, documents or other means (henceforth referred to as “Documents”), on paper or electronic medium, intended to allow contact with the organisation and the participation in the sports competition, with the application of the exercise of rights, by the Data Owner, regarding that data, as stipulated in the applicable legislation, namely, but not only, Regulation (EU) 2016/679 from the European Parliament and the Council, from the 27th April 2016, regarding the protection of the individual when it comes to the processing of personal data and free circulation of that data (GDPR). This Privacy Policy has a general and abstract character, and therefore, the information here presented may be complemented or removed, totally or partially, by other policies, warnings or information of more specific nature that may have been or will be eventually made available by the Organisation in the context of certain types of processing of personal data.

Personal data is any information regarding an individual that is identified or identifiable (the Data Owner). An individual is considered identifiable if they can be identified, directly or indirectly, in particular by referring to an identifying item, such as a name, an ID number, location data, electronic identifiers or one or more specific elements from the physical, physiological, genetic, mental, economic, cultural or social identity of such individual (henceforth referred to as “Personal Data”).

The Personal Data will be provided by the respective Data Owner in the act of filling the Documents, regardless of the medium, directly or through others.

The provision, to the Organisation, of the Personal Data collected in the scope of pre-contractual proceedings or during the registration process, besides the cases in which it corresponds to information necessary for the observance of legal and contractual obligations, represents necessary and essential requirement for participation in the sports competition.

The Personal Data shall be processed by the Organisation, according to the situations, either as “responsible for processing”, “subcontractor” or as “conjoint responsible for the processing”, for the purposes mentioned below in this Policy, in strict compliance with what is established in the current legislation in terms of protection of personal data.

3. DATA PROTECTION OFFICER (DPO)

The Organisation has appointed a person responsible for data protection (Data Protection Officer) who can be directly contacted by sending an e-mail to geral@clubechronos.com or by registered post to the following address:

CLUBE DESPORTIVO E RECREATIVO CHRONOS

C/O: Data Protection Officer

Av. Duarte Pacheco, nº 19 – 6º Dto.

1070-100 Lisboa

4. PERSONAL DATA PROCESSING

The Personal Data provided in the relationship established with the Organisation is processed in accordance with the legally applicable principles, namely:

Treated in a licit way, loyal and transparent;

Collected for specific, explicit and legitimate purposes, and they will not later be processed in a way that is incompatible with those purposes;

Adequate, pertinent and limited to what is necessary in view of the purposes for which they are processed;

Exact and, if necessary, actual, with appropriate measures being taken to ensure that inexact or incomplete datais deleted or amended, according to the purposes for which they have been collected or for which they will later be processed;

Preserved in order to allow the identification of their owners only during the strictly necessary period, and within what is legally allowed for the fulfilment of the purpose of collection or subsequent processing.

5. TYPES OF PERSONAL DATA

The Organisation only gathers and processes the personal data necessary to provide a quality service, in order to be able to rend the service provided, and to offer products and services that better suit the needs of its clients, as well as in order to be able to fulfil its obligations as “responsible for data processing” or “subcontractor” when it acts as such.

The Organisation will also take care of the personal data necessary for the observance of legal obligations it is subjected to, or for the satisfaction of its own legitimate interests.

In the scope of service provision, the Organisation processes the following categories of personal data:

Identification data from the participant, such as name, age, place of birth and nationality, address, national identity card, telephone contact, e-mail address, taxpayer number, clothes size, name and phone contact of the person to contact in emergency situation);

Other categories of personal data necessary to the purposes required at all times.

6. GOALS, GROUNDS FOR PROCESSING AND TERM OF RETENTION FOR PERSONAL DATA

The Personal Data is treated with the following purposes, centred, in each case, in the stated principles, and they are kept for the strictly required time for the fulfilment of such purposes, in accordance with the terms (or criteria used to define them) shown on the table below:

Goal

Principle of Lawfulness

Term of Retention

Processing necessary for the execution and management of participation in the sports competition or for pre-contractual proceedings with the intervention of the Organisation.

Presentation, proposition, celebration and execution of participation in the sports competition.

Until the end of the legal term of prescription of all obligations emerging from the registration, billing and participation in the sports competition.

Prospection and commercial action.

Consent from the Data Owner.

Legitimate interests of development and growth of the activity by the responsible for processing or by third parties.

Until the end of one year on top of the end of the contractual and legal relationship.

Legitimate interests in controlling the activity by the responsible for processing or by third parties.

For declaration, exercise or defence of rights in judicial proceeding.

Legal term applicable in each moment for each legal and juridical obligation to be observed, namely 10 years for the observance of fiscal obligations and 7 years for the observance of obligations related to the prevention of money laundering and financing of terrorism.

Until the term of prescription or caducity for the exercise of rights.

7. RECORDING OF TELEPHONE CALLS

During the telephone contacts between the Data Owner and the Organisation, in the scope of its activity, the latter may record the calls, if that is the case, while informing the Data Owner and with their consent, for purposes of management of the pre-contractual and contractual relationship by the Organisation and the observance of judicial and legal obligations, namely, as a way to prove the transmission of information and instructions, as well as for theimprovement of the services offered and their quality control. The telephone call recordings will be kept for the period stated in the deliberations of the National Data Protection Commission (CNPD), which define the principles applicable to the processing of data from telephone call recordings, namely Deliberation #1039/2017.

8. DATA COMMUNICATION

The Personal Data may be communicated to other entities and companies, partners of Clube Desportivo e Recreativo Chronos, whose identification data and contact can be requested at any moment from the Data Protection Officer, as identified above, and they may be treated by other entities under the sphere of action of the Organisation, if that is the case, as “subcontractor” or “conjoint responsible for the processing”, with which the Organisation may have subcontracted their processing, as well as the partners and people directly connected with the event/sports event’s organisation.

For the purpose of the aforementioned goals and in observance of the law, the Personal Data may be transmitted to judicial, administrative, supervisory or regulatory authorities, and also to entities that conform with or lawfully perform actions of data compilation, actions of fraud and money laundering prevention, market studies or technical-actuarial statistic studies.

9. RIGHTS OF THE DATA OWNER

The Personal Data owner has the right to ask the Organisation, and through it the entities and companies partners ofClube Desportivo e Recreativo Chronos, by means of a written request addressed to the Data Protection Officer for:

The access, within the legally required terms and conditions, to their Personal Data that are subjected to processing;

The amendment or updating of their Personal Data that may be inexact or outdated;

The processing of missing Personal Data when incomplete;

The deletion, in the situations specifically foreseen by law, of their Personal Data;

The limitation, once the conditions foreseen by the law have been met, in the processing of their own Personal Data.

Upon written request addressed to the Data Protection Officer, the Data Owner is also entitled to:

Remove the previously given consent, when the data processing is based on consent alone;

Oppose the processing due to reasons connected with their particular situation, when the data processing is based on legitimate interest from the “responsible for processing” or any third parties;

To receive from the one “responsible for the processing”, “subcontractor” or “conjoint responsible for the processing”, in current digital format that allows for automatic reading, their personal data that has been personally provided, processed by automated means with fundament:

in consent given by the Data Owner; or

in celebrated contract, with the possibility of requesting, in writing, the corresponding transmission directly to another responsible person, whenever that is technically possible.

The Personal Data Owner can also demand from the Data Protection Officer, more detailed information, namely concerning the goals, principles of lawfulness and terms of retention, as well as, submit complaints as to the way their Personal Data is processed, notwithstanding the possibility of doing so with the National Data Protection Commission (CNPD – Comissão Nacional de Proteção de Dados, telephone: (+351) 213 928 400; e-mail: geral@cnpd.pt; website: www.cnpd.pt).

10. PERSONAL DATA SECURITY

The Organisation has adopted technical and organisational measures to protect the Personal Data against their loss, accidental or illicit destruction or damage and, just as well, to ensure that the data provided is protected against the access or use by unauthorised third parties.

The Organisation guarantees the privacy and security in the transmission of its clients’, website and other online platforms’ visitors’ data, if they are available.

In the situations in which the Organisation subcontracts the provision of services to other entities, and these involve the disclosure of personal data, such entities will be obliged to adopt the necessary technical and organisational measures to protect the personal data against destruction, loss, change, dissemination, unauthorised access, or any other type of illicit treatment.

11. CHANGES TO THE PRIVACY POLICY

This Privacy Policy may be subjected to periodical changes, being released in the Organisation’s website and/or that of the event itself, or disclosed by any means from which a written recording will be made, including electronic or postal mail, without prior and express consent from the Data Owner. Any significant changes will be communicated with the degree of disclosure corresponding to their significance, whether by online release or, if the relevance so warrants, by means of individual communication with the Data Owners.